As more and more people in world use computers, there becomes an increased need for security to control what data can be accessed, where and when people can access it, and which people are allowed any access to secure data. Copyrighted materials are of a particular area of interest as the media material objects such as records, tapes, and disks are now being replaced by digital media content. It has become common to store content such as songs and video in digital form.
In the world of printed documents and other physical content, a work created by an author is usually provided to a publisher, which formats and prints numerous copies of the work. The copies are then sent by a distributor to bookstores or other retail outlets, from which the copies are purchased by end users. While the low quality of copying and the high cost of distributing printed material have served as deterrents to unauthorized copying of most printed documents, it is far too easy to copy, modify, and redistribute unprotected digital works with high quality. Accordingly, mechanisms of protecting digital works are necessary to retain rights of the owner of the work.
Many systems exist for transferring and playing media content. If the content is valuable, the content owner will restrict access to the content. For example, a user might be granted access in exchange for payment. Once the user has accessed the content, however, it is relatively easy for the user to copy the content and transfer it to someone else, who can then play it freely. A content owner wants to restrict playback to authorized users without preventing these users from accessing and playing the content.
Content producers and distributors using the ‘pay per view’ or ‘pay per download’ content principle have been very negatively affected with the creation of P2P (Peer to Peer) networks, which allow exchanging files with content free of charge without the user who sees the content paying any price at all.
In modern P2P networks such as BitTorrent, there are no servers that can be shut down by enforcement agencies. There is not a single central point where the agencies can stop the operation of the network. In order to stop a pure P2P network, it is necessary to paralyze all its nodes or most of them, which greatly hinders the effectiveness of legal actions aimed at shutting down these networks.
Unfortunately, it has been widely recognized that it is difficult to prevent, or even deter, people from making unauthorized copies of electronic works within current general-purpose computing and communications systems such as personal computers, workstations, and other devices connected over communications networks, such as local area networks (LANs), intranets, and the Internet. Many attempts to provide hardware-based solutions to prevent unauthorized copying have proven to be unsuccessful. The proliferation of high band-width “broadband” communications technologies render it even more convenient to distribute large documents electronically, including video files such as full length motion pictures, and thus will remove any remaining deterrents to unauthorized copying and distribution of digital works. Accordingly, Digital Rights Management (DRM) technologies are becoming a high priority to help secure such content from unauthorized use.
One of the basic DRM schemes employed is the secure containers method. A “secure container”, or simply an encrypted data method, offers a way to keep data contents encrypted until a set of authorization conditions are met and some copyright terms are honoured (e.g., payment for use). After the various conditions and terms are verified with the data provider, the data is released to the user. Clearly, the secure container approach provides a solution to protecting the data during delivery over insecure channels, but does not provide any mechanism to prevent legitimate users from obtaining the data and then using and redistributing it in violation of content owners' intellectual property.
A number of cryptographic techniques are available for use in encrypting data. For example, symmetric key techniques have been extensively used. With symmetric key arrangements, a first party encrypts data for a second party using a symmetric key. The second party decrypts the encrypted data using the same symmetric key. Symmetric-key systems require that the symmetric key be exchanged between the parties involved in a secure manner.
With public-key cryptographic systems such as the RSA cryptographic system, two types of keys are used—public keys and private keys. Data for a given party may be encrypted using the unique public key of that party. Each party has a corresponding private key that is used to decrypt the encrypted data.
Identity-based encryption schemes have also been employed. Such identity-based encryption schemes may use public parameters to encrypt data. These schemes are said to be “identity based,” because user-specific identity information such as a particular user's email address is used as one of the inputs to the encryption algorithm. Each user has a unique private key based on the user's identity for decrypting encrypted data.